AlejoGP

@bluejay00 @Cube1282444 @cyb3rops First detection on October 21

@AIexGP @Cube1282444 @cyb3rops Nicely done! When did this happen?

Rapid7 dropped a write-up on the Notepad++ update-chain abuse and - finally - it comes with real IOCs - update.exe downloaded from 95.179.213[.]0 after notepad++.exe -> GUP.exe - file hashes for update.exe / log.dll / BluetoothService.exe / conf.c / libtcc.dll - network IOCs incl. api[.]skycloudcenter[.]com (-> 61.4.102[.]97), api[.]wiresguard[.]com, 59.110.7[.]32, 124.222.137[.]114 by @rapid7 rapid7.com/blog/post/tr-c…

@MFMokbel @cyb3rops Nope, look at the end of the post.

@AIexGP @cyb3rops It is their MDR team that found it, so, all the credit goes to Rapid7.

Rapid7 thanks @AIexGP for contributing the IoCs we've shared in our blog.

@Cube1282444 @bluejay00 @cyb3rops I'm Happy

@bluejay00 @AIexGP @cyb3rops Can say with confidence most MDRs have had the IOCs for months. Im just surprised Huntress didn't beat rapid7 to making them public.

#defcon33 Planting C4: Cross-Compatible External C2 for All Your Implants Scott "ScottCTaylor12" Taylor

#defcon playing dirty

SSH-nanigans: Busting Open the Mainframes Iron Fortress through Unix Philip "Soldier of FORTRAN" Young

#defcon33 man in the malware

#defcon33 hacking boats

@5eniorDeveloper if (!value) {//throw exception}

Qué tipo de programador eres: 1: if (value) { //logic } else { //throw exception } ______________________ 2: if (!value) { //throw exception } //logic